ProFTPD module mod_time

This module is contained in the mod_time.c file, found
here, for ProFTPD 1.2.x,
and is not compiled by default. Installation instructions can be found
here.

This module is designed to allow for limiting FTP commands based on the time of
day and/or the day of the week. A more detailed explanation of the
usage of this module follows the directive explanations.

This directive applies a comma-delimited list of NamedTimes, in
their given order, to any of the commands in command-expression, for
the users belonging to classes given by class-expression. Any of the
listed FTP commands from those users that do not occur with the
NamedTimes' time limits will be denied.

A class-expression of "*" will match any class.

The command-expression may be composed of a comma-delimited list of
FTP commands to be restricted by time, as well as the meta-command groups of
<Limit>, such as DIRS, READ,
WRITE, LOGIN, and ALL. An additional
meta-command group, NONE, is available for configuring no
restrictions, to be used to relax restrictions imposed by other
mod_time directives.

This directive applies a comma-delimited list of NamedTimes, in
their given order, to any of the commands in command-expression, for
the users belonging to classes given by class-expression. Any of the
listed FTP commands from those users that do not occur with the
NamedTimes' time limits will be denied.

The command-expression may be composed of a comma-delimited list of
FTP commands to be restricted by time, as well as the meta-command groups of
<Limit>, such as DIRS, READ,
WRITE, LOGIN, and ALL. An additional
meta-command group, NONE, is available for configuring no
restrictions, to be used to relax restrictions imposed by other
mod_time directives.

The DisplayAfterHours directive configures an ASCII text filename
which will be displayed to the user should they issue a command that is
restricted by a time limit, and the command occurs outside the allowed time
limits.

DisplayAfterHours supports most of the same
"magic cookies" as the DisplayFirstChdir directive, as
well as one "magic cookie" specific to mod_time:

This directive applies a comma-delimited list of NamedTimes, in
their given order, to any of the commands in command-expression, for
the users belonging to classes given by class-expression. Any of the
listed FTP commands from those users that do not occur with the
NamedTimes' time limits will be denied.

A group-expression of "*" will match any group.

The command-expression may be composed of a comma-delimited list of
FTP commands to be restricted by time, as well as the meta-command groups of
<Limit>, such as DIRS, READ,
WRITE, LOGIN, and ALL. An additional
meta-command group, NONE, is available for configuring no
restrictions, to be used to relax restrictions imposed by other
mod_time directives.

The nickname parameter is used by the other mod_time
directives, as part of their named-time parameters, when looking for
applicable NamedTimes, and is case-sensitive.

The hours argument must be formatted like this:
hh:mm:ss-hh:mm:ss. Two digits are required for each number;
single numbers such as 5 would need to appear as 05. All times
are given according to a 24-hour clock. An hours parameter prefixed
with a ! means every time except that range specified by
the parameter.

As per crontab(5) entries, the days of the week are given in
integers, in the following manner: Sunday is the first day of the week
(0, and 7) through Saturday (6). As with the hours parameter, a
days parameter prefixed with a ! means all days
except the given days. The days parameter must be formatted
as a range, e.g.1-6, or as a list of specific days,
e.g.0,3,4,5. A range and a list may occur in the same
parameter, e.g.1-4,6. A value of * is shorthand for
"all days".

This directive applies a comma-delimited list of NamedTimes, in
their given order, to any of the commands in command-expression, for
the users belonging to classes given by class-expression. Any of the
listed FTP commands from those users that do not occur with the
NamedTimes' time limits will be denied.

A user-expression of "*" will match any user.

The command-expression may be composed of a comma-delimited list of
FTP commands to be restricted by time, as well as the meta-command groups of
<Limit>, such as DIRS, READ,
WRITE, LOGIN, and ALL. An additional
meta-command group, NONE, is available for configuring no
restrictions, to be used to relax restrictions imposed by other
mod_time directives.

To use mod_time's functionality, you must first define some time
limits using the NamedTime directive. These
NamedTimes are the building blocks for the rest of
mod_time's directives.

For example, to define a NamedTime for "normal business
hours", you would use a directive like this:

NamedTime normal-hours 08:00:00-17:00:00 1-5

which creates a NamedTime called "normal-hours" that is
applicable from 8 AM to 5 PM, Monday through Friday.

Conversely, if you wanted a NamedTime for everything
outside of these normal hours, you could use something like this:

NamedTime after-hours !08:00:00-17:00:00 0,6

After defining your NamedTimes, you then use the
UserCommandTimes, GroupCommandTimes,
ClassCommandTimes, and CommandTimes configuration
directives to apply those times to FTP commands, for the given user, group,
class, or to everyone.

To apply your "normal business hours" to everyone, use this:

CommandTimes ALL normal-hours

However, if you want to allow user friend to do anything at any
time, but still restrict everyone else, you would use these directives, in
addition to the above CommandTimes directive:

This will allow users that appear either in timed-group1 or
timed-group2 to download files during the 4-hour windows of the morning
or evening NamedTimes.

When an FTP command is denied, a message will be returned to the client. If no
DisplayAfterHours directive is in effect, mod_time
will then check for a configured AccessDenyMsg, and use that if
present. If neither of these two directives is applicable, a default
"%c is not allowed at this time" will be returned to the client,
where %c expands to the FTP command issued.

A special note about the user-expressions, group-expressions,
and class-expressions used by mod_time configuration
directives: they are not like other proftpd expressions, which are
Boolean AND expressions -- mod_time expressions are Boolean OR
expressions. Some might chide me for not following the pattern already used by
current directives and for seeding possible confusion. However, I felt that
the use of OR expressions to be so useful, particularly in the case of
user- and class-expressions, as to outweight the potential
confusion. Briefly, for the normal AND expressions to evaluate to true, every
component must be true; for user- and class-expressions, this
does not make much sense, as a logged in user can logically only belong to one
user, one class. Using OR expressions, any component that is true will
cause the expression to be true. This means that you need to be careful with
those !user, !group or !class
components, for any user that is not the given user, or is not a member of the
given group, or is not classified in the given class, will match.

This modules honors the TimesGMT, AccessDenyMsg,
and UserAlias configuration directives.